From patchwork Thu Sep 29 09:37:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leon Romanovsky X-Patchwork-Id: 12993840 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id F12EFC433F5 for ; Thu, 29 Sep 2022 09:38:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234971AbiI2Ji2 (ORCPT ); Thu, 29 Sep 2022 05:38:28 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53238 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234956AbiI2JiV (ORCPT ); Thu, 29 Sep 2022 05:38:21 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7E4D1112FEC; Thu, 29 Sep 2022 02:38:14 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 77A8860EA5; Thu, 29 Sep 2022 09:38:13 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1C669C433C1; Thu, 29 Sep 2022 09:38:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1664444292; bh=joLgN+ItAGto0LT0pRnJ9952UZWeCLPyfeuxsOlctg8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hT4d1Ic+mM0ASs1jwCFUNMusqrUNNWETNw25XhksLUV4AJdePTOfRmo0oIl/YdTEu a0nweqq1tyuoAb4UbtLbhRqr4Z6XxJaC76w3ORiDim6m/g+oHwNJCBBx/hRtmEaCML Mxau8mqtwHZ0XC7FFY15L8q+EhCbad6IUooGbpeWH9mRJODY/ggTlTlJTyig5WkpTl 6nuXqvSc3Jcy6cKAXQ4WdzgRoAKLLtboFe5crE3AZLfyc+mYze3HWcqewMeVH9xGwp +Uu9FaNb2ghxlQGKgleWZpDT+gI1QpFejRkh4dcYNZr9R8fKozOVFa37svai79SOOW MVyD1tKFIFqJA== From: Leon Romanovsky To: v9fs-developer@lists.sourceforge.net Cc: linux_oss@crudebyte.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, Dominique Martinet , syzbot+67d13108d855f451cafc@syzkaller.appspotmail.com, davem@davemloft.net, edumazet@google.com, ericvh@gmail.com, kuba@kernel.org, lucho@ionkov.net, netdev@vger.kernel.org Subject: [PATCH 1/2] Revert "9p: p9_client_create: use p9_client_destroy on failure" Date: Thu, 29 Sep 2022 12:37:55 +0300 Message-Id: <024537aa138893c838d9cacc2e24f311c1e83d25.1664442592.git.leonro@nvidia.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Rely on proper unwind order. This reverts commit 3ff51294a05529d0baf6d4b2517e561d12efb9f9. Reported-by: syzbot+67d13108d855f451cafc@syzkaller.appspotmail.com Signed-off-by: Leon Romanovsky --- net/9p/client.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/net/9p/client.c b/net/9p/client.c index bfa80f01992e..aaa37b07e30a 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -961,10 +961,14 @@ struct p9_client *p9_client_create(const char *dev_name, char *options) char *client_id; err = 0; - clnt = kzalloc(sizeof(*clnt), GFP_KERNEL); + clnt = kmalloc(sizeof(*clnt), GFP_KERNEL); if (!clnt) return ERR_PTR(-ENOMEM); + clnt->trans_mod = NULL; + clnt->trans = NULL; + clnt->fcall_cache = NULL; + client_id = utsname()->nodename; memcpy(clnt->name, client_id, strlen(client_id) + 1); @@ -974,7 +978,7 @@ struct p9_client *p9_client_create(const char *dev_name, char *options) err = parse_opts(options, clnt); if (err < 0) - goto out; + goto free_client; if (!clnt->trans_mod) clnt->trans_mod = v9fs_get_default_trans(); @@ -983,7 +987,7 @@ struct p9_client *p9_client_create(const char *dev_name, char *options) err = -EPROTONOSUPPORT; p9_debug(P9_DEBUG_ERROR, "No transport defined or default transport\n"); - goto out; + goto free_client; } p9_debug(P9_DEBUG_MUX, "clnt %p trans %p msize %d protocol %d\n", @@ -991,7 +995,7 @@ struct p9_client *p9_client_create(const char *dev_name, char *options) err = clnt->trans_mod->create(clnt, dev_name, options); if (err) - goto out; + goto put_trans; if (clnt->msize > clnt->trans_mod->maxsize) { clnt->msize = clnt->trans_mod->maxsize; @@ -1005,12 +1009,12 @@ struct p9_client *p9_client_create(const char *dev_name, char *options) p9_debug(P9_DEBUG_ERROR, "Please specify a msize of at least 4k\n"); err = -EINVAL; - goto out; + goto close_trans; } err = p9_client_version(clnt); if (err) - goto out; + goto close_trans; /* P9_HDRSZ + 4 is the smallest packet header we can have that is * followed by data accessed from userspace by read @@ -1023,8 +1027,12 @@ struct p9_client *p9_client_create(const char *dev_name, char *options) return clnt; -out: - p9_client_destroy(clnt); +close_trans: + clnt->trans_mod->close(clnt); +put_trans: + v9fs_put_trans(clnt->trans_mod); +free_client: + kfree(clnt); return ERR_PTR(err); } EXPORT_SYMBOL(p9_client_create); From patchwork Thu Sep 29 09:37:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Leon Romanovsky X-Patchwork-Id: 12993839 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 812BFC433FE for ; Thu, 29 Sep 2022 09:38:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235314AbiI2JiX (ORCPT ); Thu, 29 Sep 2022 05:38:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53200 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234971AbiI2JiU (ORCPT ); Thu, 29 Sep 2022 05:38:20 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B8559D74; Thu, 29 Sep 2022 02:38:11 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id C6564B823AB; Thu, 29 Sep 2022 09:38:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id DD135C433D6; Thu, 29 Sep 2022 09:38:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1664444288; bh=QDrBceZLFCpWcKESUJre+lgPFQsOo9h2zyNFxdUY+cA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mbplxQUOC7Q/7W7g5WwfPoKkc32IUdmzsyoeILMSCAN2PDxSZnIx5Thy5qwd9JkBr cIYAMOwsFiUb12Q1/CfhAgVJ7YXHlASdLJvXciLIrVBGvtWvbcc7iq0e4gk5BgYA3a JuxLm4+dc3Fe72qOYrjk2rVVx8/iXm69yB6g0buDolIBhX9fXN3CEY6Ky4tN3HQXWS jJZYoKd7aPPD0DLFNopz9wTjEoq+25Pf1WSsfwIHqob5Rqk8Fzn6bJLwWzFlanJG7X kHusGKcUEOghKhK3se8dsWm/WaZd/aMuW2W8yQABZav9BFWXJWVB2YWDcKfqkQc4OP lErSJHgI5YfKw== From: Leon Romanovsky To: v9fs-developer@lists.sourceforge.net Cc: linux_oss@crudebyte.com, linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com, Dominique Martinet , syzbot+67d13108d855f451cafc@syzkaller.appspotmail.com, davem@davemloft.net, edumazet@google.com, ericvh@gmail.com, kuba@kernel.org, lucho@ionkov.net, netdev@vger.kernel.org, syzbot+de52531662ebb8823b26@syzkaller.appspotmail.com Subject: [PATCH 2/2] 9p: destroy client in symmetric order Date: Thu, 29 Sep 2022 12:37:56 +0300 Message-Id: <743fc62b2e8d15c84e234744e3f3f136c467752d.1664442592.git.leonro@nvidia.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Make sure that all variables are initialized and released in correct order. Reported-by: syzbot+de52531662ebb8823b26@syzkaller.appspotmail.com Signed-off-by: Leon Romanovsky --- net/9p/client.c | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/net/9p/client.c b/net/9p/client.c index aaa37b07e30a..8277e33506e7 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -179,7 +179,6 @@ static int parse_opts(char *opts, struct p9_client *clnt) goto free_and_return; } - v9fs_put_trans(clnt->trans_mod); clnt->trans_mod = v9fs_get_trans_by_name(s); if (!clnt->trans_mod) { pr_info("Could not find request transport: %s\n", @@ -187,7 +186,7 @@ static int parse_opts(char *opts, struct p9_client *clnt) ret = -EINVAL; } kfree(s); - break; + goto free_and_return; case Opt_legacy: clnt->proto_version = p9_proto_legacy; break; @@ -211,9 +210,14 @@ static int parse_opts(char *opts, struct p9_client *clnt) } } + clnt->trans_mod = v9fs_get_default_trans(); + if (!clnt->trans_mod) { + ret = -EPROTONOSUPPORT; + p9_debug(P9_DEBUG_ERROR, + "No transport defined or default transport\n"); + } + free_and_return: - if (ret) - v9fs_put_trans(clnt->trans_mod); kfree(tmp_options); return ret; } @@ -956,19 +960,14 @@ static int p9_client_version(struct p9_client *c) struct p9_client *p9_client_create(const char *dev_name, char *options) { - int err; struct p9_client *clnt; char *client_id; + int err = 0; - err = 0; - clnt = kmalloc(sizeof(*clnt), GFP_KERNEL); + clnt = kzalloc(sizeof(*clnt), GFP_KERNEL); if (!clnt) return ERR_PTR(-ENOMEM); - clnt->trans_mod = NULL; - clnt->trans = NULL; - clnt->fcall_cache = NULL; - client_id = utsname()->nodename; memcpy(clnt->name, client_id, strlen(client_id) + 1); @@ -980,16 +979,6 @@ struct p9_client *p9_client_create(const char *dev_name, char *options) if (err < 0) goto free_client; - if (!clnt->trans_mod) - clnt->trans_mod = v9fs_get_default_trans(); - - if (!clnt->trans_mod) { - err = -EPROTONOSUPPORT; - p9_debug(P9_DEBUG_ERROR, - "No transport defined or default transport\n"); - goto free_client; - } - p9_debug(P9_DEBUG_MUX, "clnt %p trans %p msize %d protocol %d\n", clnt, clnt->trans_mod, clnt->msize, clnt->proto_version); @@ -1044,9 +1033,8 @@ void p9_client_destroy(struct p9_client *clnt) p9_debug(P9_DEBUG_MUX, "clnt %p\n", clnt); - if (clnt->trans_mod) - clnt->trans_mod->close(clnt); - + kmem_cache_destroy(clnt->fcall_cache); + clnt->trans_mod->close(clnt); v9fs_put_trans(clnt->trans_mod); idr_for_each_entry(&clnt->fids, fid, id) { @@ -1056,7 +1044,6 @@ void p9_client_destroy(struct p9_client *clnt) p9_tag_cleanup(clnt); - kmem_cache_destroy(clnt->fcall_cache); kfree(clnt); } EXPORT_SYMBOL(p9_client_destroy);